CVE-2010-3116
webkit: memory corruption with MIME types
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.
Google Chrome anterior a v5.0.375.127 no procesa correctamente los tipos MIME, lo que podría permitir a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto mediante vectores desconocidos
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-08-24 CVE Reserved
- 2010-08-24 CVE Published
- 2023-04-14 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (22)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/41856 | Third Party Advisory | |
| http://secunia.com/advisories/42314 | Third Party Advisory | |
| http://secunia.com/advisories/43068 | Third Party Advisory | |
| http://secunia.com/advisories/43086 | Third Party Advisory | |
| http://support.apple.com/kb/HT4455 | Third Party Advisory |
|
| http://support.apple.com/kb/HT4456 | Third Party Advisory |
|
| http://www.securityfocus.com/bid/44200 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2010/2722 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2010/3046 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2011/0212 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2011/0216 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2011/0552 | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11909 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 5.0.375.127 Search vendor "Google" for product "Chrome" and version " < 5.0.375.127" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | < 4.1.3 Search vendor "Apple" for product "Safari" and version " < 4.1.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | >= 5.0 < 5.0.3 Search vendor "Apple" for product "Safari" and version " >= 5.0 < 5.0.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | < 4.2 Search vendor "Apple" for product "Iphone Os" and version " < 4.2" | - |
Affected
| ||||||
| Webkitgtk Search vendor "Webkitgtk" | Webkitgtk Search vendor "Webkitgtk" for product "Webkitgtk" | < 1.2.6 Search vendor "Webkitgtk" for product "Webkitgtk" and version " < 1.2.6" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 9.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.10" | - |
Affected
| ||||||